Creating, distributing, and maintaining a rich set of IPSec rules in an organization is a difficult and daunting task. All instances of rules must be synchronized for all systems in your organization that use them. Otherwise, there is a strong possibility that rules will no longer work.
For example, you might have a rule that applies to all members of the Human Resources department. You created this rule on each system that was part of the Human Resources destination workgroup, which you also set up and used when you created the rule.
Over time, however, one person has left this department and his system must be decommissioned. Two more people have joined this department. You could send a memo to each person in the group and request that they update the Human Resources destination workgroup to reflect these changes, removing the system for the person who left the department and adding the systems for the new members. You could even go to each system and make the changes yourself.
But these kinds of manual changes to rules require significant time and resource and are also prone to error. If you use Policy Manager to manage rules, these changes can be easily propagated to all members of the destination workgroup, without requiring any hands-on intervention.
If your organization uses customized rules, consider using Intel® NetStructure™ Policy Manager to distribute and maintain the System Policies on all Intel Packet Protect users.
With Policy Manager, you can create, modify, or delete rules and distribute those changes to the systems that require them. This distribution method helps ensure that your organization's Intel Packet Protect IPSec remains cohesive and up to date.
Additionally, when you use Policy Manager, individual users are prevented from making any changes to their System Policies. As even small changes to the elements of a rule can result in systems not being able to negotiate secure communication, this feature provides better control of System Policies for the administrator.
Copyright © 2000, Intel Corporation. All rights reserved.
Intel Corporation assumes no responsibility for errors or omissions in this document. Nor does Intel make any commitment to update the information contained herein.
* Other product and corporate names may be trademarks of other companies and are used only for explanation and to the owners' benefit, without intent to infringe.